<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Index extends MY_Controller{

    function __construct()
    {
        parent::__construct();
    }

    public function index(){
//        $body = file_get_contents('php://input');
//        $data = json_encode($_SERVER,JSON_UNESCAPED_UNICODE);
//        log_message('debug', "验证信息---".$body."-----".__CLASS__.__METHOD__."-----LINE--".__LINE__."===time:".date("Y-m-d H:i:s",time()));
//        log_message('debug', "验证信息---".$data."-----".__CLASS__.__METHOD__."-----LINE--".__LINE__."===time:".date("Y-m-d H:i:s",time()));
        // 1.获取签名header和公钥url header
//        $authorizationBase64 = "";
//        $pubKeyUrlBase64 = "";
//        if (isset($_SERVER['HTTP_AUTHORIZATION']))
//        {
//            $authorizationBase64 = $_SERVER['HTTP_AUTHORIZATION'];
//        }
//        if (isset($_SERVER['HTTP_X_MNS_SIGNING_CERT_URL']))
//        {
//            $pubKeyUrlBase64 = $_SERVER['HTTP_X_MNS_SIGNING_CERT_URL'];
//        }
//        if ($authorizationBase64 == '' || $pubKeyUrlBase64 == '')
//        {
//            header("http/1.1 403 Forbidden");
//            exit();
//        }
//        // 2.
//        $authorization = base64_decode($authorizationBase64);
//
//        // 3.
//        $pubKeyUrl = base64_decode($pubKeyUrlBase64);
//        $ch = curl_init();
//        curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);
//        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
//        $pubKey = curl_exec($ch);
//        if ($pubKey == "")
//        {
//            //header("http/1.1 403 Forbidden");
//            exit();
//        }
//        // 4.获取回调body
//        $body = file_get_contents('php://input');


    }
    public function AliossCallback(){
        // 1.获取签名header和公钥url header
        $authorizationBase64 = "";
        $pubKeyUrlBase64 = "";
        if (isset($_SERVER['HTTP_AUTHORIZATION']))
        {
            $authorizationBase64 = $_SERVER['HTTP_AUTHORIZATION'];
        }
        if (isset($_SERVER['HTTP_X_MNS_SIGNING_CERT_URL']))
        {
            $pubKeyUrlBase64 = $_SERVER['HTTP_X_MNS_SIGNING_CERT_URL'];
        }

        if ($authorizationBase64 == '' || $pubKeyUrlBase64 == '')
        {
            header("http/1.1 403 Forbidden");
            exit();
        }
        // 2.获取签名
        $authorization = base64_decode($authorizationBase64);

        // 3.获取公钥
        $pubKeyUrl = base64_decode($pubKeyUrlBase64);
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        $pubKey = curl_exec($ch);
        if ($pubKey == "")
        {
            //header("http/1.1 403 Forbidden");
            exit();
        }

        // 4.拼接待签名字符串
        $authStr = '';
        $method = $_SERVER['REQUEST_METHOD'];
        $content_md5 = $_SERVER['HTTP_CONTENT_MD5'];
        $content_type = strtolower($_SERVER['HTTP_CONTENT_TYPE']);
        $date = $_SERVER['HTTP_DATE'];
        $x_mns_arr = array(
                'x-mns-request-id:'.$_SERVER['HTTP_X_MNS_REQUEST_ID'],
                'x-mns-signing-cert-url:'.$_SERVER['HTTP_X_MNS_SIGNING_CERT_URL'],
                'x-mns-version:'.$_SERVER['HTTP_X_MNS_VERSION']
        );
        sort($x_mns_arr);
        $CanonicalizedMNSHeaders = implode("\n",$x_mns_arr);

        $request_uri = $_SERVER['REQUEST_URI'];

        $authStr = $method."\n".$content_md5."\n".$content_type."\n".$date."\n".$CanonicalizedMNSHeaders."\n".$request_uri;

        // 5.验证签名
        $ok = openssl_verify($authStr, $authorization, $pubKey);
        if ($ok == 1)
        {
            //证名来自mns的回调
            header("Content-Type: application/json");
            $data = array("Status"=>"Ok");
            echo json_encode($data,JSON_UNESCAPED_UNICODE);
        }
        else
        {
            //header("http/1.1 403 Forbidden");
            exit();
        }
    }
}